Vulnerabilities > CVE-2013-4421 - Numeric Errors vulnerability in Dropbear SSH Project Dropbear SSH

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
dropbear-ssh-project
CWE-189
nessus

Summary

The buf_decompress function in packet.c in Dropbear SSH Server before 2013.59 allows remote attackers to cause a denial of service (memory consumption) via a compressed packet that has a large size when it is decompressed.

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2013-261.NASL
    descriptionUpdated dropbear package fixes security vulnerability : Possible memory exhaustion denial of service due to the size of decompressed payloads in dropbear before 2013.59 (CVE-2013-4421). Inconsistent delays in authorization failures could be used to disclose the existence of valid user accounts in dropbear before 2013.59 (CVE-2013-4434).
    last seen2020-06-01
    modified2020-06-02
    plugin id70680
    published2013-10-29
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/70680
    titleMandriva Linux Security Advisory : dropbear (MDVSA-2013:261)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandriva Linux Security Advisory MDVSA-2013:261. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(70680);
      script_version("1.6");
      script_cvs_date("Date: 2019/08/02 13:32:55");
    
      script_cve_id("CVE-2013-4421", "CVE-2013-4434");
      script_bugtraq_id(62958, 62993);
      script_xref(name:"MDVSA", value:"2013:261");
    
      script_name(english:"Mandriva Linux Security Advisory : dropbear (MDVSA-2013:261)");
      script_summary(english:"Checks rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Mandriva Linux host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated dropbear package fixes security vulnerability :
    
    Possible memory exhaustion denial of service due to the size of
    decompressed payloads in dropbear before 2013.59 (CVE-2013-4421).
    
    Inconsistent delays in authorization failures could be used to
    disclose the existence of valid user accounts in dropbear before
    2013.59 (CVE-2013-4434)."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://advisories.mageia.org/MGASA-2013-0318.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected dropbear package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:dropbear");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/10/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/10/29");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Mandriva Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"dropbear-2013.59-1.mbs1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2013-18703.NASL
    descriptionNew version/Unbundle libtom*/harden build/AArch64 support. [edited]: CVE-2013-4421 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2013-11-11
    plugin id70814
    published2013-11-11
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/70814
    titleFedora 20 : dropbear-2013.59-1.fc20 (2013-18703)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2013-839.NASL
    descriptiondropbear was updated to version 2013.60 to fix following bugs : - Fix
    last seen2020-06-05
    modified2014-06-13
    plugin id75194
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75194
    titleopenSUSE Security Update : dropbear (openSUSE-SU-2013:1696-1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2013-811.NASL
    descriptiondropbear was updated to version 2013.60 to fix following bugs : - Fix
    last seen2020-06-05
    modified2014-06-13
    plugin id75182
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75182
    titleopenSUSE Security Update : dropbear (openSUSE-SU-2013:1616-1)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_8C9B48D1371511E3A62400262D8B701D.NASL
    descriptionThe Dropbear project reports : A weakness and a vulnerability have been reported in Dropbear SSH Server, which can be exploited by malicious people to disclose certain sensitive information and cause a DoS.
    last seen2020-06-01
    modified2020-06-02
    plugin id70484
    published2013-10-18
    reporterThis script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/70484
    titleFreeBSD : dropbear -- exposure of sensitive information, DoS (8c9b48d1-3715-11e3-a624-00262d8b701d)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2013-18593.NASL
    descriptionNew version/Unbundle libtom*/harden build/AArch64 support. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2013-10-20
    plugin id70507
    published2013-10-20
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/70507
    titleFedora 19 : dropbear-2013.59-1.fc19 (2013-18593)
  • NASL familyMisc.
    NASL idDROPBEAR_SSH_59.NASL
    descriptionAccording to its self-reported banner, the version of Dropbear SSH running on this port is earlier than 2013.59. As such, it is potentially affected by multiple vulnerabilities : - A denial of service vulnerability caused by the way the
    last seen2020-06-01
    modified2020-06-02
    plugin id70545
    published2013-10-22
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/70545
    titleDropbear SSH Server < 2013.59 Multiple Vulnerabilities
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2013-18606.NASL
    descriptionNew version/Unbundle libtom*/harden build/AArch64 support. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2013-10-20
    plugin id70508
    published2013-10-20
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/70508
    titleFedora 18 : dropbear-2013.59-1.fc18 (2013-18606)